Central logging and audit.log

Scott R. Ehrlich scott at MIT.EDU
Wed Apr 23 16:33:21 UTC 2008


I am looking at using all in-house tools (syslog.conf, 
/etc/sysconfig/syslog, and gnome-log-viewer or have the log file go to a 
web-accessed file), with everything being logged to 
/var/log/master_log_file or /var/www/master_log_file.

What the master_log_file doesn't capture are the entries in audit.log. 
If I use the viewer to review audit.log, I get the raw date/time stamp 
format, which is not human readable.

So, how can I get audit.log (from all clients) details to pipe (really 
also get copied) to the master_log_file, and, along the way, be properly 
interpreted by ausearch -i so I can actually tell the proper date/time of 
the entries?

Thanks.

Scott
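The timestamp half of the question, as an added example that is not part of the original post: a stdin filter that rewrites the raw `msg=audit(epoch.millis:serial)` stamp as readable UTC text before a record is appended to a merged log. It converts only the timestamp (`ausearch -i` also interprets other fields), and the `host=` prefix and the sample record are this example's own assumptions.

```python
import re
import sys
from datetime import datetime, timezone

# Raw audit records carry "msg=audit(<epoch seconds>.<millis>:<serial>)".
AUDIT_STAMP = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\)")

# Constructed sample input: one audit record and one ordinary syslog line.
SAMPLE = [
    'type=SYSCALL msg=audit(1208968401.123:456): arch=c000003e syscall=2 '
    'success=yes exit=3 pid=2301 uid=0 comm="cat" exe="/bin/cat"\n',
    "Apr 23 16:33:22 client1 sshd[2301]: session opened\n",
]


def humanize(line, host=None):
    """Rewrite the epoch stamp of one audit record as UTC text.

    Lines without an audit stamp pass through unchanged, so nothing is
    dropped from the merged log. `host` is an optional tag (hypothetical
    convention of this example) naming the client the record came from.
    """
    line = line.rstrip("\n")
    m = AUDIT_STAMP.search(line)
    if m:
        when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        stamp = "msg=audit(%s.%s UTC:%s)" % (
            when.strftime("%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3))
        # Keep the event serial: it ties together records of one event.
        line = line[:m.start()] + stamp + line[m.end():]
    return "host=%s %s" % (host, line) if host else line


def merge(lines, host=None):
    """Convert an iterable of raw lines; returns a list of output lines."""
    return [humanize(l, host) for l in lines]


if __name__ == "__main__":
    # Usage: feed raw audit records on stdin, append stdout to the master
    # log. An optional first argument is used as the host tag.
    tag = sys.argv[1] if len(sys.argv) > 1 else None
    for raw in sys.stdin:
        sys.stdout.write(humanize(raw, tag) + "\n")
        sys.stdout.flush()
```

The original audit.log should stay untouched on each client, since the audit tools expect the raw epoch format; only the copy sent to the master file is rewritten.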



